package cn.group.configurations;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import cn.group.realm.UserRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {

    /**
     * 凭证匹配器
     * @return
     */
    @Bean
    public HashedCredentialsMatcher credentialsMatcher(){
        HashedCredentialsMatcher credentialsMatcher=new HashedCredentialsMatcher();
        //加密算法
        credentialsMatcher.setHashAlgorithmName("MD5");
        //哈希迭代数（加密次数）
        credentialsMatcher.setHashIterations(3);
        //16 进制存储（true）或者Base64 存储（false）
//        credentialsMatcher.setStoredCredentialsHexEncoded(false);
        return credentialsMatcher;
    }

    /**
     * 缓存
     * @return
     */
    @Bean
    public CacheManager cacheManager(){
        return new MemoryConstrainedCacheManager();
    }

    /**
     * 过滤对象
     * @param defaultWebSecurityManager
     * @return
     */
    @Bean(name = "shiroFilterFactoryBean")
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        //设置安全管理器
        bean.setSecurityManager(defaultWebSecurityManager);
        //添加Shiro的内置过滤器
        Map<String, String> filterMap = new LinkedHashMap<>();
        /*filterMap.put("/index.html","authc");
        filterMap.put("/login.html","anon");*/
        filterMap.put("/toLogin","anon");
        filterMap.put("/tototo","authc");

        /**静态资源放行*/
        /*filterMap.put("/swagger-ui.html","anon");
        filterMap.put("/webjars/**","anon");
        filterMap.put("/AD/**","anon");
        filterMap.put("/bootstrap-3.3.7/**","anon");
        filterMap.put("/css/**","anon");
        filterMap.put("/dist/**","anon");
        filterMap.put("/fonts/**","anon");
        filterMap.put("/images/**","anon");
        filterMap.put("/js/**","anon");
        filterMap.put("/layer/**","anon");
        filterMap.put("/lib/**","anon");
        filterMap.put("/Plugins/**","anon");
        filterMap.put("/products/**","anon");
        filterMap.put("/skins/**","anon");
        filterMap.put("/validation-1.19.2/**","anon");
        filterMap.put("/vue/**","anon");*/

        /**拦截未放行页面*/
        /*filterMap.put("/showRoleList.do","1");*/
//
        //授权,    回调到未授权页面     想访问add页面必须要有user:add权限字符串
//        filterMap.put("/**","perms[user:add]");

        //未授权页面
        bean.setUnauthorizedUrl("/noauth");
        bean.setFilterChainDefinitionMap(filterMap);
        //未登录
        bean.setLoginUrl("/toLogin");
        return bean;
    }

    /**
     * 安全对象
     * @param userRealm
     * @return
     */
    @Bean()
    public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联userRealm
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /**
     * 自定义return
     * (认证授权)
     * @return
     */
    @Bean
    public UserRealm userRealm(){
        UserRealm userRealm = new UserRealm();
        userRealm.setCredentialsMatcher(credentialsMatcher());
        return userRealm;
    }

    /**
     * 整合Shiro 和 thymeleaf配置
     * @return
     */
    @Bean
    public ShiroDialect shiroDialect(){
        return new ShiroDialect();
    }
}
